For the last three weeks, the city of Baltimore has fought a cyber attack by digital extortionists that has resulted in thousands of computers being frozen, broken email services, and interruptions to real estate sales, water bills, health alert services, and more. Baltimore city computer systems were frozen, and officials have refused to pay the $100,000 ransom. Security experts claim that the attack in Baltimore isn't the only one that has been executed by hackers using the NSA's EternalBlue.
The New York Times reports that the cyber attacks that have happened around the country haven't been linked to the EternalBlue tool lost by the NSA because the agency has refused to talk about the lost tool. The group called the Shadow Brokers, who leaked the tool, has yet to be identified.
EternalBlue is targeting local governments in the U.S. where the digital infrastructure is aging, and there are fewer resources to defend systems. EternalBlue was reportedly one of the most useful exploits in the NSA cyber-arsenal. Former NSA operators told the NYT on condition of anonymity that it took analysts almost a year to find a flaw in Microsoft software and write code to target that flaw specifically.
The exploit they created was initially called EternalBluescreen because it would often crash computers and tip off targets that something was amiss. It was perfected into a reliable tool that was reportedly used in multiple missions. EternalBlue was such a valuable tool that the NSA never told Microsoft that the vulnerabilities existed in its software and held onto the tool for five years before it was lost into the wild and the agency had to inform Microsoft.
North Korea used the NSA's lost tool for WannaCry in 2017 and was the first to co-opt it. Russia later used the tool in an attack called NotPetya that cost FedEx and Merck pharmaceuticals more than a billion dollars combined despite not specifically targeting them. When the Shadow Brokers began to dump the NSA tools online, the agency then informed Microsoft of the flaw. The issue is that hundreds of thousands of computers remain unprotected around the world. In March, the NSA released a tool called Ghidra that is a cybersecurity reverse engineering toolkit. Many are skeptical of the software, fearing it is another NSA tool to gain access to computer systems around the world.